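<?php
/**
 * Login handler for the Online Store.
 *
 * Reads the POSTed fields "usr", "pwd" and "role", authenticates the caller
 * and either redirects (admin.php / customer.php / seller.php) or renders a
 * result message inside the page below.
 *
 * All authentication logic runs BEFORE any HTML is emitted. header() and
 * session_start() both need to send HTTP headers, which no longer works once
 * the response body has started, so calling them from inside the page body
 * leaves the redirect and the session cookie unreliable.
 */

// Presumably defines the mysqli handle $conn used below. It must not print
// anything, otherwise the redirects further down cannot be sent.
include "connectStoreDB.php";

// Read the submitted fields. A missing or non-string value (e.g. "usr[]=x")
// becomes an empty string instead of raising a notice or a type error later.
$fields = array("usr" => "", "pwd" => "", "role" => "");
foreach (array_keys($fields) as $key) {
	if (isset($_POST[$key]) && is_string($_POST[$key])) {
		$fields[$key] = $_POST[$key];
	}
}
$user = $fields["usr"];
$pwd = $fields["pwd"];
$role = $fields["role"];

// $message holds static, trusted HTML only; request data is never copied into it.
$message = "";
$redirect = null;

// Allowlist of non-admin roles: role => [lookup query, landing page].
// Table and column names cannot be bound as statement parameters, so they come
// only from this fixed map. Any other role value is rejected instead of being
// treated as "seller" and stored in the session unchanged.
$accounts = array(
	"customer" => array("SELECT * FROM customers WHERE customer_id = ?", "customer.php"),
	"seller" => array("SELECT * FROM sellers WHERE seller_id = ?", "seller.php"),
);

if ($role === "admin") {
	// SECURITY(review): the admin credentials are hard-coded in source, so they
	// are readable by anyone with access to the code and cannot be rotated
	// without a deploy. Move them to a hashed record outside the source tree and
	// verify with password_verify(). hash_equals() only makes the comparison
	// strict and constant-time; it does not fix the hard-coding.
	if (hash_equals("admin", $user) && hash_equals("admin123", $pwd)) {
		// Record the login the same way as for the other roles.
		// NOTE(review): admin.php is not visible here; it should refuse
		// requests whose session role is not "admin".
		session_start();
		session_regenerate_id(true);
		$_SESSION['user'] = $user;
		$_SESSION['role'] = $role;
		$redirect = "admin.php";
	} else {
		$message = "wrong admin username or password";
	}
} elseif (isset($accounts[$role])) {
	list($sql, $landing) = $accounts[$role];

	// The ID is bound as a parameter rather than concatenated into the SQL text,
	// so it can no longer change the structure of the query.
	// NOTE(review): if the ID columns are integer-typed, validating with
	// ctype_digit() and binding as "i" avoids MySQL's lenient string-to-number cast.
	$row = null;
	$lookupFailed = false;
	try {
		$stmt = $conn->prepare($sql);
		if ($stmt && $stmt->bind_param("s", $user) && $stmt->execute()) {
			// get_result() requires the mysqlnd driver.
			$result = $stmt->get_result();
			if ($result) {
				$row = $result->fetch_array();
			} else {
				$lookupFailed = true;
			}
			$stmt->close();
		} else {
			$lookupFailed = true;
		}
	} catch (mysqli_sql_exception $e) {
		// mysqli may be configured to throw instead of returning false.
		$lookupFailed = true;
	}

	// NOTE(review): the distinct "no such user" / "wrong password" messages let a
	// caller tell which IDs exist, and no attempt throttling is visible in this file.
	if ($lookupFailed) {
		error_log("login: account lookup failed for role " . $role);
		$message = "login is temporarily unavailable, please try again later";
	} elseif (!$row) {
		$message = "no such user, please register first!<br><br>go to <a href='RegisterPage.php'>Register</a>";
	} else {
		// Column index 1 is taken to be the password, as in the original code.
		// SECURITY(review): this compares against a password stored in plaintext.
		// Store password_hash() output at registration and check it with
		// password_verify(); that needs a matching change in the registration code.
		$db_pwd = (string) $row[1];

		// hash_equals() is a strict, constant-time comparison; the loose "!="
		// compared numeric-looking strings by value ("1e3" equals "1000").
		// An empty password never matches, so a NULL/empty column cannot log in.
		if ($pwd === "" || !hash_equals($db_pwd, $pwd)) {
			$message = "wrong password!";
		} else {
			// New session ID on login so a pre-set session ID cannot be reused.
			session_start();
			session_regenerate_id(true);
			$_SESSION['user'] = $user;
			$_SESSION['role'] = $role;
			$redirect = $landing;
		}
	}
} else {
	$message = "unknown role, please log in again";
}

//close connection
mysqli_close($conn);

if ($redirect !== null) {
	// $redirect is always one of the fixed page names above, never request data.
	header("Location: " . $redirect);
	exit; // stop here so no page body is rendered after the redirect
}
?>
<!DOCTYPE html>
<html lang="en">

<head>
	<meta charset="utf-8">
	<title>Online Store Login</title>
	<link rel="stylesheet" href="css/style.css">
</head>

<body>
	<header>
		<h2>Online Store</h2>
	</header>
	<main>
		<div class="content narrowbox">
			<h2>Login</h2>
			<hr>
			<!--display result-->
			<p class="infotext">
				<?php echo $message; /* static HTML assembled above, no user input */ ?>
			</p>
			<br>
			<hr>
			<br>
			<p class="infotext">back to <a href="LoginPage.html">Login</a></p>
		</div>
	</main>
</body>

</html>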